Formal description of HOrBAC model

Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust in users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user who can carry out any type of internal attack on information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: the organizational hierarchy and the redundant authentication. The model thus implemented offers a hierarchical and redundant access control to data and processing in an information system based on zero trust in users.

Formal description of HOrBAC model

Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust in users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user who can carry out any type of internal attack on information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: the organizational hierarchy and the redundant authentication. The model thus implemented offers a hierarchical and redundant access control to data and processing in an information system based on zero trust in users.

Formal description of HOrBAC model

Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust in users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user who can carry out any type of internal attack on information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: the organizational hierarchy and the redundant authentication. The model thus implemented offers a hierarchical and redundant access control to data and processing in an information system based on zero trust in users.

Formal description of HOrBAC model

Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust in users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user who can carry out any type of internal attack on information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: the organizational hierarchy and the redundant authentication. The model thus implemented offers a hierarchical and redundant access control to data and processing in an information system based on zero trust in users.

Formal description of HOrBAC model

Companies' information systems are regularly exposed to internal attacks perpetrated by users who have been granted access to the system. Discretionary, mandatory, role-based and organization-based access control models do not guarantee optimal protection against these attacks because these models trust in users. Therefore, they are unable to protect the system against attacks carried out by authenticated users, especially the super user who can carry out any type of internal attack on information system's data. The objective of this paper is to propose a model that excludes any trust in users. To do so, our model extends the OrBAC (Organization Based Access Control) model by integrating two concepts: the organizational hierarchy and the redundant authentication. The model thus implemented offers a hierarchical and redundant access control to data and processing in an information system based on zero trust in users.

Analysis of Security Based Accessibility Control Models for Cloud Computing

Access control has become the most necessary requirement to limit unauthorized and privileged access to information systems in cloud computing. Access control models counter the additional security challenges like rules, domain names, job allocation, multi hosting and separation of tasks. This paper classifies the conventional and modern access control models which has been utilized to restrain these access flaws by employing a variety of practices and methodologies. It examine the frequent security threats to information confidentiality, integrity, data accessibility and their approach used for cloud solutions. This paper proposed a priority based task scheduling access control (PbTAC) model to secure and scheduled access of resources & services rendered to cloud user. PbTAC model will ensure the job allocation, tasks scheduling and security of information through its rule policies during transmission between parties. It also help in reducing system overhead by minimize the computation and less storage cost.

A MODEL OF A DISTRIBUTED INFORMATION SYSTEM BASED ON THE Z39.50 PROTOCOL

Based on the analysis of typical scenarios of information servers, the tasks that should be solved when organizing an access control system for distributed information resources are formulated. The possibilities of the Z39.50 technologies as the most suitable for building such a system are considered. Within the framework of this technology, three access control models are discussed, which differ in the degree of integration of information server functions with the Z39.50 technologies.The creation and support of distributed information systems and electronic libraries that integrate heterogeneous information resources and operate in various software and hardware environments requires special approaches to managing these systems. If the resources or data themselves can be managed locally, even for distributed information systems, then the task of managing access to distributed resources cannot be solved within the framework of local administration. The justification of the last thesis can be seen when considering typical scenarios of the information server, which we will describe below

Service-Based Hybrid Access Control Technology with Priority Level for the Internet of Vehicles under the Cloud Architecture

The communication process of devices in IoV under cloud architecture needs to be protected by access control models. However, existing access control models have difficulty establishing the appropriate granularity of permissions in the face of large amounts of data in IoV. Moreover, the access control model may need to temporarily change user privileges to accommodate the dynamic nature of IoV scenarios, a requirement that is difficult to implement for traditional access control models. The unstable connection status of devices in IoV also creates problems for access control. The service (composed of role and attribute) based access control model (in IoV) S-RABAC (V), under the Cloud computing architecture, introduces a formal theoretical model. The model uses attribute grouping and prioritization mechanisms to form a hierarchical structure. The permission combination pattern in the hierarchical structure can avoid duplicate permissions and reduce the number of permissions while ensuring fine-grained permissions. Different layers in the model have different priorities, and when a user’s permission requires temporary changes, it can be adjusted to the corresponding layers according to the user’s priority. In addition, users are allowed to keep their assigned privileges for a period to avoid frequent access control because of unstable connections. We have implemented the proposed access control model in Alibaba Cloud Computing and given six example demonstrations. The experiment shows that this is an access control model that can protect IoV security more effectively. Various unique mechanisms in the model enable S-RABAC(V) to improve the overall access control efficiency. The model adds some extra features compared to ABAC and RBAC and can generate more access control decisions using the priority mechanism.

Access Control Models

Access control is a part of the security of information technologies. Access control regulates the access requests to system resources. The access control logic is formalized in models. Many access control models exist. They vary in their design, components, policies and areas of application. With the developing of information technologies, more complex access control models have been created. This paper is concerned with overview and analysis for a number of access control models. First, an overview of access control models is presented. Second, they are analyzed and compared by a number of parameters: storing the identity of the user, delegation of trust, fine-grained policies, flexibility, object-versioning, scalability, using time in policies, structure, trustworthiness, workflow control, areas of application etc. Some of these parameters describe the access control models, while other parameters are important characteristics and components of these models. The results of the comparative analysis are presented in tables. Prospects of development of new models are specified.